CVE Catalog

CVE-2026-55686

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability in Podman from version 3.0.0 to 5.7.1 allows, by running a malicious container image where the WORKDIR path contains a symlink, to create a directory or modify ownership on the host filesystem. Ownership modification is less likely as it requires help from an untrusted process to trigger a race condition.

Risk Assessment

An attacker can gain unauthorized access to the host filesystem, potentially creating directories or modifying permissions, which could lead to privilege escalation or system integrity compromise.

Recommendation

Immediately update Podman to version 5.7.1 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree during dereferencing of the WORKDIR path, to trigger a race condition. This vulnerability is fixed in 5.7.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS